Greylisting problem

Posted: 10 Mar 2015 16:09
by andyitc
I have a client that is running the latest EFA and they have a supplier who is sending them emails that always get greylisted. What happens is that the sending server always sends from a different IP address (they are using 254 different IP addresses). The first time that they get grey-listed the sending server will then try from a different IP address, but then that gets grey-listed and so on, and eventually the email does not get delivered. I previously manually added all 254 addresses for that domain but it seems to have now forgotten most of them and I don't want to have to regularly type them all in as it is quite time consuming. I am wondering if it is possible to exclude certain domains from being greylisted.

Re: Greylisting problem

Posted: 10 Mar 2015 21:51
by shawniverson
Are the 254 addresses in a single contiguous segment?

Re: Greylisting problem

Posted: 10 Mar 2015 22:00
by andyitc
Yes they are

Re: Greylisting problem

Posted: 11 Mar 2015 12:35
by shawniverson
Try adding a class c network....do this by just entering the first three octets into the whitelist

Sender name: somesender
Sender domain: somedomain.com
Source (class c or d): 123.123.123

Re: Greylisting problem

Posted: 11 Mar 2015 16:58
by andyitc
Tried adding the Class C but it didn't help

Andy

Re: Greylisting problem

Posted: 25 Mar 2015 06:03
by pdwalker
andyitc wrote: Tried adding the Class C but it didn't help

Andy

Any joy with solving your problem?

Re: Greylisting problem

Posted: 25 Mar 2015 08:03
by andyitc
Unfortunately I haven't got anywhere with this problem

Re: Greylisting problem

Posted: 25 Mar 2015 10:00
by DaN
Does
"Opt-out domains
(recipients for whom messages are never greylisted)"
not work?

Re: Greylisting problem

Posted: 25 Mar 2015 10:08
by andyitc
Surely that would stop any recipient from being greylisted at all, or am I misunderstanding the way that this is working? Strange thing is I have just checked and they are not waiting for this domain in the greylist now. It could be that it has now managed to populate with all of the IP addresses

Re: Greylisting problem

Posted: 25 Mar 2015 10:12
by DaN
EFA-Webinterface -> Greylist -> Optout domain -> add ONE domain
mails from this domain are never greylisted

Re: Greylisting problem

Posted: 25 Mar 2015 10:19
by andyitc
Thank you. I had previously done this but I think it takes time before it becomes apparent that this is working. The terminology is confusing as it says

Opt-out domains
(recipients for whom messages are never greylisted)

It should actually say Opt-out domains
(senders for whom messages are never greylisted)

as it is the senders and not the recipients that we need to exclude from checking

Re: Greylisting problem

Posted: 25 Mar 2015 10:40
by DaN
I'm afraid I am wrong. Sorry. I have to test again.

Re: Greylisting problem

Posted: 25 Mar 2015 10:41
by pdwalker
my case is a little different

I have an upstream mail provider that removes all viral laden messages before passing them back to us (essentially they are our "smart host" for those particular domains).

The messages they send us are greylisted when any traffic from their IPs should immediately be accepted.

I can't figure out how to handle that.

Re: Greylisting problem

Posted: 25 Mar 2015 11:00
by DaN
If the source IP's are from the same subnet xxx.xxx.xxx(.yyy) and "Greylist" -> "Domains" -> "Add to whitelist" is used, does this work?
Sender domain: thedomain.tld
Source (class c or d): xxx.xxx.xxx

Just guessing.

Re: Greylisting problem

Posted: 25 Mar 2015 11:50
by pdwalker
tried that. Still getting grey listed.

I've tried:
sender domain: *
source: xxx.yyy.zzz

(the sender domains will be the original senders, not the domain of the virus removing provider/smarthost I am using).

Re: Greylisting problem

Posted: 25 Mar 2015 22:52
by shawniverson
I don't think the sender domain can be a wildcard...

Re: Greylisting problem [solved for me]

Posted: 26 Mar 2015 04:42
by pdwalker
nope. you cannot.

I solved the problem in the end

edit /etc/sqlgrey/clients_ip_whitelist.local
add in each ip address, line by line
/etc/sqlgrey restart

watch as the maillog changes from
Mar 26 12:34:37 efa postfix/smtpd[14224]: NOQUEUE: reject: RCPT from mail6.bemta17.messagelabs.com[117.120.20.71]: 451 4.7.1 <receiver@receiver.domain>: Recipient address rejected: Greylisted for 5 minutes; from=<sender@sender.domain> to=<receiver@receiver.domain> proto=ESMTP helo=<mail6.bemta17.messagelabs.com>
to
Mar 26 12:35:31 efa sqlgrey: whitelist: sender@sender.domain, 117.120.16.199(mail6.bemta10.messagelabs.com) -> receiver@receiver.domain

Re: Greylisting problem

Posted: 08 Jul 2016 13:34
by ovizii
I know this is an old thread but after reading: /etc/sqlgrey/clients_fqdn_whitelist would it not be easier to add your domain to /etc/sqlgrey/clients_fqdn_whitelist.local?

Re: Greylisting problem

Posted: 08 Jul 2016 13:35
by ovizii
andyitc wrote: Opt-out domains
(recipients for whom messages are never greylisted)

It should actually say Opt-out domains
(senders for whom messages are never greylisted)

as it is the senders and not the recipients that we need to exclude from checking

Where would one report this? I totally agree it's mislabeled.

Re: Greylisting problem

Posted: 28 Jul 2016 22:47
by dbrunt
Create & add IP ranges to: /etc/sqlgrey/clients_ip_whitelist.local
and/or
Create & add domains to /etc/sqlgrey/clients_fqdn_whitelist.local

See the original SQLGrey files for examples but do not modify the originals as they will be overwritten by a module update!
/etc/sqlgrey/clients_ip_whitelist
/etc/sqlgrey/clients_fqdn_whitelist

For IP's, you can add Class A, B, C or D addresses:
ie.
192.168.25.26
192.168.25
192.168
192

For _fqdn_ entries:
##
# SQLgrey expects the following expressions:
#
# hostname.domain.com # whole system name (least CPU intensive)
# *.domain.com # whitelist any fqdn in the domain 'domain.com'
# /regexp/ # whitelist any fqdn matching the regexp (by far most CPU intensive)
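
To check whether a given greylisted client would be covered by a set of .local whitelist entries before editing the files, here is an added example (not part of the original posts and not SQLgrey's own code). It follows the entry formats described in the post above; the function names are hypothetical, the matching rules (whole-octet prefix, "*." as a suffix match, case-insensitive names) are assumptions, and the sample line is the reject line quoted earlier in this thread.

```python
import re

# Reject line as quoted earlier in this thread (trailing fields trimmed).
REJECT = ("Mar 26 12:34:37 efa postfix/smtpd[14224]: NOQUEUE: reject: RCPT from "
          "mail6.bemta17.messagelabs.com[117.120.20.71]: 451 4.7.1 "
          "<receiver@receiver.domain>: Recipient address rejected: "
          "Greylisted for 5 minutes; from=<sender@sender.domain>")

CLIENT_RE = re.compile(
    r"reject: RCPT from (?P<host>[^\[\s]+)\[(?P<ip>[0-9.]+)\]:.*Greylisted")

def parse_entries(text):
    """Return whitelist entries from file content, dropping comments and blanks."""
    entries = []
    for raw in text.splitlines():
        line = re.split(r"(^|\s)#", raw, maxsplit=1)[0].strip()
        if line:
            entries.append(line)
    return entries

def ip_match(ip, entry):
    """Entry is 1 to 4 leading octets; compare whole octets, not string prefixes,
    so '192.168.25' does not match 192.168.250.1."""
    want, have = entry.split("."), ip.split(".")
    return 1 <= len(want) <= 4 and have[:len(want)] == want

def fqdn_match(host, entry):
    """Exact name, '*.domain' suffix, or /regexp/ (assumed semantics)."""
    host = host.lower()
    if len(entry) > 1 and entry.startswith("/") and entry.endswith("/"):
        return re.search(entry[1:-1], host) is not None
    if entry.startswith("*."):
        return host.endswith(entry[1:].lower())
    return host == entry.lower()

def greylisted_client(line):
    """Extract (hostname, ip) from a Postfix greylist reject line, else None."""
    m = CLIENT_RE.search(line)
    return (m.group("host"), m.group("ip")) if m else None

def covered(line, ip_entries, fqdn_entries):
    """List the whitelist entries that would match the rejected client."""
    client = greylisted_client(line)
    if client is None:
        return None
    host, ip = client
    return ([e for e in ip_entries if ip_match(ip, e)] +
            [e for e in fqdn_entries if fqdn_match(host, e)])

if __name__ == "__main__":
    print(covered(REJECT, ["117.120.16", "117.120"], ["*.messagelabs.com"]))
```

An empty list for a client that is still being rejected means no entry covers it; a match on a one- or two-octet entry shows how much address space that entry exempts from greylisting.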

Re: Greylisting problem

Posted: 28 Jul 2016 22:52
by dbrunt
Also, occasionally run:

[root@efa sqlgrey]# update_sqlgrey_config

updating /etc/sqlgrey/clients_fqdn_whitelist:
--- /etc/sqlgrey/clients_fqdn_whitelist 2015-02-26 18:45:56.317999767 -0800
+++ clients_fqdn_whitelist 2016-06-27 08:02:37.000000000 -0700
@@ -100,6 +100,14 @@
# GL-group: no retry
mail.gl-group.com

+# StartSSL: no retry
+*.startcom.org
+*.startssl.com
+
+# Outlook.com users, retries do not come from the same server.
+*.outbound.protection.outlook.com
+
+
# Do not add anything here (this file can be overwritten by SQLgrey updates and
# update_sqlgrey_config), create a "clients_fqdn_whitelist.local" file
# and add your own entries in there
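Review bot: the three added patterns (*.startcom.org, *.startssl.com, *.outbound.protection.outlook.com) are domain-wide wildcards, so every client whose name falls under those domains skips greylisting, and for the Outlook.com entry that means any Outlook.com sender rather than one known correspondent. Confirm that breadth is acceptable for the site before relying on it. As a style point, the hunk ends with two consecutive blank "+" lines before the "Do not add anything here" comment, where the preceding entries are separated by a single blank line.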
updating /etc/sqlgrey/smtp_server.regexp:
--- /etc/sqlgrey/smtp_server.regexp 2015-02-26 18:45:56.422999767 -0800
+++ smtp_server.regexp 2005-03-01 16:29:45.000000000 -0800
@@ -1 +1 @@
-^(.+[._-])*(apache|bounce|bulk|delay|d?ns|external|extranet|filter|firewall|forward|gateway|gw|m?liste?s?|(bulk|dead|mass|send|[eqw])?mail(er)?|e?mail(agent|host|hub|scan(ner)?)|messagerie|mta|v?mx|out(bound)?|pop|postfix|w?proxy|rela(is|y)|serveu?r|smarthost|v?smtp|web|www)(gate|mail|mx|pool|out|server)?[0-9]*[._-]
\ No newline at end of file
+^(.+[._-])*(apache|bounce|bulk|delay|d?ns|external|extranet|filter|firewall|forward|gateway|gw|m?liste?s?|(bulk|dead|mass|send|[eqw])?mail(er)?|e?mail(agent|host|hub|scan(ner)?)|messagerie|mta|v?mx|out(bound)?|pop|postfix|w?proxy|rela(is|y)|serveu?r|smarthost|v?smtp|web|www)(gate|mail|mx|pool|out|server)?[0-9]*[._-]
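Review bot: in the smtp_server.regexp hunk the "-" and "+" lines show the same pattern text, so the only difference is the end-of-file newline that the installed copy lacked ("\ No newline at end of file"); no matching behaviour changes. The replacement is dated 2005-03-01 while the installed copy is dated 2015-02-26, so it is worth checking whether this file is reported as changed again on later runs.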
[root@efa sqlgrey]#

Re: Greylisting problem

Posted: 29 Jul 2016 05:58
by ovizii
I'll add a feature suggestion for EFA to run this command on a certain, say weekly, schedule?

Re: Greylisting problem

Posted: 29 Jul 2016 16:24
by dbrunt
:thumbup:

Re: Greylisting problem

Posted: 29 Jul 2016 16:41
by dbrunt
It would also be a nice feature to have the SQLGrey Webinterface have options to add/delete entries in /etc/sqlgrey/clients_ip_whitelist.local and /etc/sqlgrey/clients_fqdn_whitelist.local . . . .

Re: Greylisting problem

Posted: 29 Jul 2016 16:46
by ovizii
Good point! You might want to raise that issue with the guys who made the web interface, go to EFA => Greylisting and look towards the bottom where it says:

SQLGrey webinterface v 1.1.6 by folkert@vanheusden.com and Jan Ceulen | BeeBeeC

email and URLs are there.